How to iterate over all AWS regions to get security group information

Time: 2016-04-21 06:37:09

Tags: python amazon-web-services boto

I can't iterate over the list of AWS regions I provided, and I'm confused as to why the list starts in reverse order.

This code basically connects to all AWS regions one by one and then prints the security group details:

from boto import ec2   # boto 2: ec2.connect_to_region(region)

regions = ['us-east-1','us-west-1','us-west-2','eu-west-1','sa-east-1','ap-southeast-1','ap-southeast-2','ap-northeast-1']
sg = list()   # security groups collected from every region
for region in regions:
    connection = ec2.connect_to_region(region)
    sg.extend(connection.get_all_security_groups())


def getTag(instanceId):
    # uses the module-level connection, i.e. whichever region was connected last
    reservations = connection.get_all_instances(filters={'instance_id': instanceId})
    for res in reservations:
        for instance in res.instances:
            return instance.tags['Name'], instance.private_ip_address, instance.region

try:
    for securityGroup in sg:
        for rule in securityGroup.rules:
            if rule.to_port == '22' and '0.0.0.0/0' in str(rule.grants):
                for instanceid in securityGroup.instances():
                    instanceId = str(instanceid)   # looks like "Instance:i-xxxxxxxx"
                    print "Port 22 is open for 0.0.0.0/0:, SecurityGroupName: %s  Instance Details --> : %s " % (securityGroup.name, getTag(instanceId.split(':')[1]))
except Exception as err:   # the posted snippet ended without an except clause
    print err

After following the answer, I now can't get the instance details; the result is

Port 22 is open for 0.0.0.0/0:, SecurityGroupName: interview-linux  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: interview-linux  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: launch-wizard-mingjun  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: SSH+HTTPS  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: temp-engg-logi  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-prod-1w-secgroup  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-prod-1w-secgroup  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-trial-1w-secgroup  Instance Details --> : None 
Port 22 is open for 0.0.0.0/0:, SecurityGroupName: na-trial-1w-secgroup  Instance Details --> : Non

1 answer:

Answer 0: (score: 2)

Because in the for region in regions: loop you overwrite sg on every iteration. What you probably want is

sg = list()
for region in regions:
  connection=ec2.connect_to_region(region)
  sg.extend(connection.get_all_security_groups())

Edit: (Instance Details --> : None)

The problem here is that in the loop I mentioned earlier you also overwrite connection, i.e. connection=ec2.connect_to_region(region)

So when you call connection.get_all_instances(filters={'instance_id':instanceId}) inside getTag, the instanceId is only looked up in the last region, ap-northeast-1. Since that instance doesn't belong to this region, you get None.

You need to reorder your code to

from boto import ec2   # boto 2: ec2.connect_to_region(region)

def getTag(connection, instanceId):
    # the connection is passed in, so the lookup happens in the group's own region
    reservations = connection.get_all_instances(filters={'instance_id': instanceId})
    for res in reservations:
        for instance in res.instances:
            return instance.tags['Name'], instance.private_ip_address, instance.region

regions = ['us-east-1','us-west-1','us-west-2','eu-west-1','sa-east-1','ap-southeast-1','ap-southeast-2','ap-northeast-1']
for region in regions:
    connection = ec2.connect_to_region(region)
    sg = connection.get_all_security_groups()   # groups of this region only
    try:
        for securityGroup in sg:
            for rule in securityGroup.rules:
                if rule.to_port == '22' and '0.0.0.0/0' in str(rule.grants):
                    for instanceid in securityGroup.instances():
                        instanceId = str(instanceid)   # looks like "Instance:i-xxxxxxxx"
                        print "Port 22 is open for 0.0.0.0/0:, SecurityGroupName: %s  Instance Details --> : %s " % (securityGroup.name, getTag(connection, instanceId.split(':')[1]))
    except Exception as err:   # the posted snippet ended without an except clause
        print err
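As an added example (not code from the question or the answer), the same audit generalized so that findings from all regions are collected in one list while every instance lookup still goes through the connection of the region the group came from. FakeConnection, the connect callable and the sample fleet are constructed stand-ins for boto's ec2.connect_to_region and its SecurityGroup/Instance objects, not the boto API:

```python
from collections import namedtuple

Rule = namedtuple("Rule", "to_port grants")
Group = namedtuple("Group", "name rules instance_ids")
Inst = namedtuple("Inst", "id name private_ip")

class FakeConnection(object):
    """Constructed stand-in for one region's boto EC2 connection (not the boto API)."""
    def __init__(self, groups, instances):
        self._groups = groups
        self._instances = {i.id: i for i in instances}
    def get_all_security_groups(self):
        return self._groups
    def get_instance(self, instance_id):
        # None when the instance lives elsewhere: the cause of "Instance Details --> : None"
        return self._instances.get(instance_id)

def world_open_on_port(group, port="22"):
    """True if any rule allows `port` from 0.0.0.0/0 (ports are strings, as in boto2)."""
    return any(r.to_port == port and "0.0.0.0/0" in r.grants for r in group.rules)

def audit_ssh(regions, connect):
    """Collect (region, group, instance id, name, ip) for every instance behind a
    world-open SSH group, resolving each instance through its own region's connection."""
    findings = []
    for region in regions:
        connection = connect(region)  # one connection per region ...
        for group in connection.get_all_security_groups():
            if not world_open_on_port(group):
                continue
            for instance_id in group.instance_ids:
                inst = connection.get_instance(instance_id)  # ... used for that region only
                findings.append((region, group.name, instance_id,
                                 inst.name if inst else None,
                                 inst.private_ip if inst else None))
    return findings

# Constructed sample fleet: two regions, one world-open SSH group in each.
SAMPLE = {
    "us-east-1": FakeConnection(
        [Group("SSH+HTTPS", [Rule("22", ["0.0.0.0/0"]), Rule("443", ["0.0.0.0/0"])], ["i-0a1"]),
         Group("internal", [Rule("22", ["10.0.0.0/8"])], ["i-0b2"])],
        [Inst("i-0a1", "bastion", "10.0.1.5"), Inst("i-0b2", "app", "10.0.2.9")]),
    "eu-west-1": FakeConnection(
        [Group("launch-wizard", [Rule("22", ["0.0.0.0/0"])], ["i-0c3"])],
        [Inst("i-0c3", "web", "10.1.0.7")]),
}
```

Calling audit_ssh(list(SAMPLE), SAMPLE.get) lists the two instances behind world-open SSH groups with their names and IPs; a real run would pass the region list from the question and ec2.connect_to_region as connect.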